[Dovecot] Shared mailbox ACL

Alex Ferrara alex at receptiveit.com.au
Wed Jan 29 06:02:23 EET 2014


On 28/01/2014, at 6:37 PM, Steffen Kaiser <skdovecot at smail.inf.fh-brs.de> wrote:

> On Fri, 24 Jan 2014, Alex Ferrara wrote:
> 
>> I have been able to get the inbox of the shared mailbox to appear in Thunderbird, but I would like to allow all subfolders to have the same ACLs. Is there a way to do this without having an ACL entry for each folder in the dovecot-acl file?
> 
> No, currently you need one file per mailbox.

Thanks for the pointer, Steffen. Since I am migrating from an established Cyrus installation, I thought that I would be smart about this and make a little script. I have made the script available at the bottom of this message if anyone is interested.

> 
>> I also cannot seem to create folders under the shared inbox.
> 
> If the accessing user has the "k"-permission, there might be problems with the unix file permissions. The latter logs errors. I think I remember something that you cannot give ACLs to the topmost root of some mail storages, e.g. in Maildir Maildir/dovecot-acl applies to the INBOX and there is no file for the "/" or something like that. Can you create a new mailbox below, say, the INBOX?

This is still a problem for me. I can create folders on subfolders of the shared folder, but not under the shared folder itself. I have set "mail_shared_explicit_inbox = no" so the shared folder is the inbox.

If I change "mail_shared_explicit_inbox = yes" then I can create folders underneath the inbox, but still not in the top level. Folders that are already there from the migration work fine. The current configuration I have does not have an inbox per shared mailbox, so I would prefer to replicate that if possible.

I am a little unsure what to try next as I have turned on debug logging and there is no entry in the logs when I unsuccessfully try to create a folder under the top level.

dupacl.sh

#!/bin/bash

IFS_BAK=$IFS
IFS="
"

MAILROOT='/mnt/mail/mailboxes'
MAILUSER='vmail'
MAILGROUP='vmail'
SHAREDFILE='/etc/dovecot/shared-mailboxes'

function usage {
  echo -e "Dovecot ACL tool\n"
  echo -e "The purpose of this tool is to clone the ACL of the inbox to all child folders\n"
  echo -e "$0 [ mailbox | -all | -new ]"
  exit 1
}

function cloneacl {
  MAILBOX="$MAILROOT/$1/Maildir"
  ACLFILE="$MAILBOX/dovecot-acl"

  if [ -d "$MAILBOX" ]; then
    echo "Working on mailbox $1..."

    # Make sure we have an ACL file
    if [ -f "$ACLFILE" ]; then
      if [ "$2" == "-new" ]; then
        echo "Found ACL file in mailbox $1. Skipping"
        return
      fi
    else
      echo "ACL file does not exist. Creating one"
      echo "group=$1 lrwstipekxa" > "$ACLFILE"
      chown $MAILUSER:$MAILGROUP "$ACLFILE"
    fi

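    # Copy the ACL file to sub directories (Maildir++ folders are dot-directories).
    # IFS is set to newline above, so folder names containing spaces survive the loop.
    for dir in $(find "$MAILBOX" -type d -name ".*"); do
      cp -av "$ACLFILE" "$dir/"
    done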

    # Remove the dovecot-acl-list to make the mailboxes appear
    if [ -f "$ACLFILE-list" ]; then
      rm "$ACLFILE-list"
    fi
  else
    echo "Mailbox $1 does not exist"
    exit 1
  fi
}

if [ "$1" == "-all" ] || [ "$1" == "-new" ]; then
  # Take the mailbox names from the shared-mailboxes file
  SHARED=$(grep shared/ "$SHAREDFILE" | cut -d / -f 4)

  for mailbox in $SHARED; do
    cloneacl "$mailbox" "$1"
  done
elif [ -n "$1" ]; then
  cloneacl "$1" -single
else
  usage
fi

IFS=$IFS_BAK
IFS_BAK=
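
A companion check for the dupacl.sh script above, added here as an example and not part of the original message: it reports subfolders whose dovecot-acl is missing or no longer matches the one in the mailbox root. It assumes the Maildir++ layout the script implies (dot-prefixed folder directories directly under Maildir); the function names and the sample group "sales" are made up.

```sh
#!/bin/sh
# Added example, not from the original post.

# audit_acl MAILDIR: compare each subfolder's dovecot-acl with the root one.
# Prints "MISSING <dir>" or "DIFFERS <dir>" for every problem folder.
# Returns 0 if all match, 1 on any drift, 2 if the root ACL file is absent.
audit_acl() {
  root=$1
  ref="$root/dovecot-acl"
  if [ ! -f "$ref" ]; then
    echo "NOROOT $root"
    return 2
  fi
  rc=0
  # Assumption: Maildir++ layout, subfolders are dot-directories in the root.
  for dir in "$root"/.[!.]*; do
    [ -d "$dir" ] || continue
    if [ ! -f "$dir/dovecot-acl" ]; then
      echo "MISSING $dir"; rc=1
    elif ! cmp -s "$ref" "$dir/dovecot-acl"; then
      echo "DIFFERS $dir"; rc=1
    fi
  done
  return "$rc"
}

# make_sample DIR: build a constructed test mailbox (not real data).
make_sample() {
  mkdir -p "$1/.Archive" "$1/.Archive.2013" "$1/.Quotes sent" "$1/cur"
  echo "group=sales lrwstipekxa" > "$1/dovecot-acl"
  cp "$1/dovecot-acl" "$1/.Archive/"                      # matches the root
  echo "group=sales lr" > "$1/.Archive.2013/dovecot-acl"  # drifted copy
  # ".Quotes sent" deliberately has no ACL file
}

# Stand-alone use: pass the Maildir path as the first argument.
if [ $# -gt 0 ]; then
  audit_acl "$1"
fi
```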

